Skip to main content
CybersecurityVulnerability Management

CISA Warns of Four Critical Vulnerabilities in KEV Catalog, Recommends Fixes by February 25

CISA Warns of Four Critical Vulnerabilities in KEV Catalog, Recommends Fixes by February 25

CISA Warns of Four Critical Vulnerabilities in KEV Catalog

CISA Warns of Four Critical Vulnerabilities in KEV Catalog, Recommends Fixes by February 25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog. This action comes in response to evidence indicating that these vulnerabilities are actively being exploited in the wild. CISA recommends that organizations address these vulnerabilities by February 25.

Details of the Vulnerabilities

  • CVE-2024-45195 (CVSS score: 7.5/9.8) – A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized access.

Quick Summary

CISA has identified four critical vulnerabilities that pose significant risks to organizations. Immediate action is recommended to mitigate these threats, with a deadline set for February 25.

Key Points

  • CISA has added four vulnerabilities to the KEV catalog.
  • Evidence of active exploitation has been observed.
  • Organizations are urged to implement fixes by February 25.
  • CVE-2024-45195 is a notable vulnerability in Apache OFBiz.